PDA

View Full Version : [SOLVED] [USN-151-2] zlib vulnerabilities



Martin Pitt
July 22nd, 2005, 06:00 PM
================================================== =========
Ubuntu Security Notice USN-151-2 July 22, 2005
dpkg, ia32-libs, amd64-libs vulnerabilities
CAN-2005-1849, CAN-2005-2096
================================================== =========

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

amd64-libs
amd64-libs-dev
dpkg
dpkg-dev
dselect
ia32-libs
ia32-libs-dev

On Ubuntu 4.10, the problem can be corrected by upgrading the affected
package to version 0.5ubuntu2.1 (ia32-libs and ia32-libs-dev),
1.0ubuntu3.1 (amd64-libs and amd64-libs-dev), and 1.10.22ubuntu2.1
(dpkg, dpkg-dev, dpkg-doc and dselect).

On Ubuntu 5.04, the problem can be corrected by upgrading the affected
package to version 0.5ubuntu3.1 (ia32-libs and ia32-libs-dev),
1.1ubuntu0.1 (amd64-libs and amd64-libs-dev), and 1.10.27ubuntu1.1
(dpkg, dpkg-dev, dpkg-doc and dselect).

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could
be exploited to cause Denial of Service attacks or even arbitrary code
execution with malicious data streams.

Most applications use the shared library provided by the "zlib1g"
package; however, some packages contain copies of the affected zlib
code, so they need to be upgraded as well.


Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.0ubuntu3.1.dsc
Size/MD5: 566 597900edb4fcbc1f6b6bb844ec97c36f
http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.0ubuntu3.1.tar.gz
Size/MD5: 49207700 da5e4434540b089c37ecce6cd64daedb
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1.dsc
Size/MD5: 685 f28488761e95199837ac7e69d3fad589
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1.tar.gz
Size/MD5: 1724814 e66d889e3bad96722e235179a6be1a2d
http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu2.1.dsc
Size/MD5: 569 6708cdc169856401811296f4d1a0a577
http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu2.1.tar.gz
Size/MD5: 116066186 a90e9f2b245bffca461f8fb8564390e8

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.10.22ubuntu2.1_all.deb
Size/MD5: 165928 de79b4016b3d513e48aadf5d133e5471
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-doc_1.10.22ubuntu2.1_all.deb
Size/MD5: 10634 74e028be2ace14e94337eb4371b4185d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1_amd64.deb
Size/MD5: 1300476 85d20f6a8dcf63f214a09b4aa5189587
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.22ubuntu2.1_amd64.deb
Size/MD5: 124242 ac29013f8aea0d158b803140f110bd2f
http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs-dev_0.5ubuntu2.1_amd64.deb
Size/MD5: 2168452 b13960c23aceaf24ce34a5ca59dc15bf
http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu2.1_amd64.deb
Size/MD5: 7340220 2a1c4fbd03d40a5c1d5bcbb2fa38f6c2

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs-dev_1.0ubuntu3.1_i386.deb
Size/MD5: 18578394 e7de564f64d09a60ef01fca731dfb212
http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.0ubuntu3.1_i386.deb
Size/MD5: 4491436 9d68ffa8ebf723669dd736176b78d1ed
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1_i386.deb
Size/MD5: 1270512 9d0dea1f9a4859d044dbd3092db04941
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.22ubuntu2.1_i386.deb
Size/MD5: 117126 4607019cfb6916086f368a703270cf3b

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.22ubuntu2.1_powerpc.deb
Size/MD5: 1299160 8314f4a3a1385ea3b1cec4eac9c56b62
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.22ubuntu2.1_powerpc.deb
Size/MD5: 125660 fe036e45cf73ad31e923ce8a7639b3bd

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.1ubuntu0.1.dsc
Size/MD5: 559 6faab22d1f08ee941b9f7c77df4dee6b
http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.1ubuntu0.1.tar.gz
Size/MD5: 49205918 1782974f00a630deb7117ae2e65e1d3b
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1.dsc
Size/MD5: 756 7c2ceea00047dc018305a4e8c7b921b9
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1.tar.gz
Size/MD5: 2115640 4ad640f42b0a186e1cd11155fad4488e
http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu3.1.dsc
Size/MD5: 580 6c9abd5ab7ad0434731ac2bb42e9d4d5
http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu3.1.tar.gz
Size/MD5: 150314670 c49ebe0b41858f8b19438e48615a8ebd

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.10.27ubuntu1.1_all.deb
Size/MD5: 166736 a4f4c32feb4e6a77378aaad2d3a2e8c7
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg-doc_1.10.27ubuntu1.1_all.deb
Size/MD5: 10610 12e8d712d0196aca0f8bd4ea01cb43c1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1_amd64.deb
Size/MD5: 1758074 3b1f6ed0624d1e51fba27a034cdef5c4
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.27ubuntu1.1_amd64.deb
Size/MD5: 124312 1b1c95376c42a30b49b18f06fe932188
http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs-dev_0.5ubuntu3.1_amd64.deb
Size/MD5: 2168448 e380e70fa36262325f2a64841460e8b5
http://security.ubuntu.com/ubuntu/pool/main/i/ia32-libs/ia32-libs_0.5ubuntu3.1_amd64.deb
Size/MD5: 7340126 1d950a66ec1b6a8f0bde791d62ae79c8

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs-dev_1.1ubuntu0.1_i386.deb
Size/MD5: 18578320 17b3cd5a7d9450b82117c4d4f4c6358a
http://security.ubuntu.com/ubuntu/pool/main/a/amd64-libs/amd64-libs_1.1ubuntu0.1_i386.deb
Size/MD5: 4491660 18409adee3747a554565a2f4ac883d52
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1_i386.deb
Size/MD5: 1726710 80786e07cb0a0d23e41929ea33e77580
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.27ubuntu1.1_i386.deb
Size/MD5: 116966 35d53d10d6787a06596743325d52bf4a

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dpkg_1.10.27ubuntu1.1_powerpc.deb
Size/MD5: 1762542 38296bfcd1e1ee1d426d38de9d682710
http://security.ubuntu.com/ubuntu/pool/main/d/dpkg/dselect_1.10.27ubuntu1.1_powerpc.deb
Size/MD5: 125738 008f6431cc6919f46eae3b19b20be637

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFC4SN7DecnbV4Fd/IRAqhAAJ9HM1SO/FwMyn5D85NTebpTjOzDAQCfQYOy
4fbmzES0NGA4pyxDt8ddXYw=
=Tq41
-----END PGP SIGNATURE-----